METASPLOIT PROJECT
The Metasploit Project, owned by Rapid7, is a computer security program which is the world’s most used penetration testing framework. This Free and Open Source Software (FOSS) is used by nearly all penetration testers, and is extremely common in training courses from SANS, EC-Council, and many others.
The Metasploit Project, being Open Source Software, flourishes from the contributions of the community. nDepth’s own Mike Cyr (h00die) is a frequent contributor to the project and has continued to spend their personal time conducting security research and providing enhancements to Metasploit for the benefit of the security community. This month, h00die contributed the following enhancements:
LOADMASTER MODULE FIXES
Metasploit’s Progress Kemp LoadMaster privilege escalation module had a bug: when run against a system that was not a Progress Kemp LoadMaster, the module crashed. While most people would not deliberately run this module against a non-vulnerable system, the crash was especially apparent when running the privilege elevation suggestion module, which runs many checks in sequence. A patch was submitted so the module no longer crashes and instead completes successfully, by checking that the relevant files exist before trying to read them rather than assuming they are present.
AMAZON LINUX TARGET FIXES
Several privilege escalation modules check the version of the system or of installed software packages. Developers often write the version check against the few systems they have on hand locally. However, it was discovered that several modules did not work when run against Amazon Linux targets. Amazon Linux at times appends “amzn2int” or a similar vendor suffix to version numbers (instead of 5.4, for example, the version may read 5.4.amzn2int). The modules now check version numbers in a safer way that does not crash on Amazon Linux.
It was also discovered that the grsec checking functionality was not working correctly and was fixed.
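The two fixes above share one idea: a post-exploitation check should degrade to “unknown” rather than crash when the target does not look like the developer’s test box. The following Ruby is an added illustration of that idea and is not Metasploit’s own library code. It assumes hypothetical helper names (parse_version, compare_versions, version_in_range?, read_if_present) and uses constructed sample version strings; it shows a version parser that tolerates a vendor suffix such as 5.4.amzn2int, and a guarded file read that returns nil instead of raising when a file the module expected is absent.

```ruby
# Added example, not Metasploit code. Helper names are hypothetical.
# Goal: version checks and file reads that never raise on an unexpected target.

# Constructed sample strings in the shape of `uname -r` output.
SAMPLE_VERSIONS = {
  'generic'       => '5.15.0-91-generic',
  'amazon_linux'  => '5.4.amzn2int',                   # vendor suffix in the patch slot
  'amazon_kernel' => '4.14.355-275.582.amzn2.x86_64',  # suffix after the release
  'garbage'       => 'not-a-version'                   # what a crash-prone check chokes on
}.freeze

# Extract the leading dotted numeric version and ignore whatever follows it.
# Returns an Array of Integers, or nil if the string does not start with a number.
def parse_version(str)
  return nil if str.nil?
  m = str.to_s.match(/\A\s*v?(\d+(?:\.\d+)*)/)
  return nil unless m
  m[1].split('.').map(&:to_i)
end

# Compare two version strings numerically, padding the shorter one with zeros
# so "5.4" == "5.4.0". Returns -1, 0, 1, or nil when either side is unparseable.
def compare_versions(a, b)
  va = parse_version(a)
  vb = parse_version(b)
  return nil if va.nil? || vb.nil?
  len = [va.length, vb.length].max
  va += [0] * (len - va.length)
  vb += [0] * (len - vb.length)
  va <=> vb
end

# True if ver lies in the inclusive range [lo, hi]; nil (not an exception) when
# the target's version string cannot be parsed, so a module can report
# "unknown" instead of aborting a whole run of checks.
def version_in_range?(ver, lo, hi)
  c_lo = compare_versions(ver, lo)
  c_hi = compare_versions(ver, hi)
  return nil if c_lo.nil? || c_hi.nil?
  c_lo >= 0 && c_hi <= 0
end

# Guarded read: contents of the file, or nil when it is missing or unreadable.
# Covers both the existence check and the race where the file disappears
# between the check and the read.
def read_if_present(path)
  return nil unless File.file?(path) && File.readable?(path)
  File.read(path)
rescue SystemCallError
  nil
end

if __FILE__ == $PROGRAM_NAME
  SAMPLE_VERSIONS.each do |name, v|
    puts "#{name.ljust(14)} #{v.ljust(36)} -> #{parse_version(v).inspect}"
  end
  puts "in 5.0..5.8? amazon_linux -> #{version_in_range?('5.4.amzn2int', '5.0', '5.8').inspect}"
  puts "in 5.0..5.8? garbage      -> #{version_in_range?('not-a-version', '5.0', '5.8').inspect}"
  # Hypothetical path that does not exist on this machine: returns nil, no crash.
  puts "missing file -> #{read_if_present('/nonexistent/vendor/config').inspect}"
end
```

The nil-returning convention is the important design choice: a module that gets nil from a check can print a clear “could not determine version” message and let the next check run, which is exactly the behaviour the suggester-style workflow needs.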
LINUX POST EXPLOITATION LIBRARY COMMENTS AND TESTS
While not glamorous like an exploit module, libraries and tests are the bones of the Metasploit Framework. A few changes were submitted, adding tests to libraries to ensure any changes can be tested and confirmed to not break or alter functionality. Comments were also added to make the libraries easier to use for developers.
WEEKLY UPDATER
Several items within Metasploit are updated infrequently but would benefit from more frequent updates. A few examples are Metasploit’s user agent strings and the list of WordPress plugins. Unfortunately, this type of information is updated manually, somewhere between every 6 months and every 2 years. A change was submitted to Metasploit to automate running the scripts that update these files on a weekly basis. While the module was accepted and works correctly, it was discovered that the permissions on the repository in which Metasploit is kept do not allow automated changes. However, this still automates half the work required to update these files and keep Metasploit up to date.
MISCELLANEOUS IMPROVEMENTS
Several other improvements were made to Metasploit by h00die including:
- Fixed an incorrect password in the documentation for hash cracking
To view this month’s contributions, check the following links:
- https://github.com/rapid7/metasploit-framework/pull/19813
- https://github.com/rapid7/metasploit-framework/pull/19810
- https://github.com/rapid7/metasploit-framework/pull/19682
- https://github.com/rapid7/metasploit-framework/pull/19911
- https://github.com/rapid7/metasploit-framework/pull/19779